Best-practice to redistribute NAT entries into OSPF
I have several different subnets that are all either NAT'd or accessible via a VPN. There's no actual route on the ASA to the addresses, and they're not directly connected, eliminating the usual redistribution commands.
What is the best-practice for redistributing such entries into an OSPF area? In the past, I've had static entries on the upstream firewall, allowing the rest of the network to see this. I'm trying to get rid of as many static routes as possible (or at least make them a floating route so as to provide backup should something in OSPF fail), but am having difficulty figuring out how to redistribute these into the OSPF area.
I can't use a summary-address command as there's no external routes that are being redistributed. The area range command is out as I don't have a separate area that routes are being redistributed from.
One thought I've had is to create a static null route for each subnet (allowing me to redistribute static, and have the static entries only on the originating box), but I imagine rather than NAT'ng or open the site-to-site VPN, it would discard traffic (as the destination is null).
Any ideas on what to do when you have "imaginary" addresses that don't exist anywhere but in NAT entries or that's defined as interesting traffic for a site-to-site VPN?
Hi everyone, I would like to thank you in advance for any help you can provide a newcomer like myself!
Im studying the 100-105 book by Odom and am currently on the topic of Port security. I purchased a used 2960 and I'm trying to follow a...
While deploying a number of 18xx/2802/3802 model access points (APs), which run AP-COS as their operating platform. It can be observed on some occasions that while many of their access points were able to join the fabric WLC withou...
I am going to design and build an LAN network under a tunnel underground with long distance between the switches.
I will have 2 Catalyst switches and 8 Industrial IE3000, and they will be connected with fiber.
For now I am planning on use Layer-2 s...